

TRAINING REPORT
On

CCNA-Routing & Switching


Submitted to Kurukshetra University in partial fulfilment of the
requirement for the award of the degree of

B.TECH
ELECTRONICS & COMMUNICATION ENGINEERING
To

DEPARTMENT OF ELECTRONICS & COMMUNICATION


ENGINEERING

ICL INSTITUTE OF ENGINEERING & TECHNOLOGY SOUNTLI,


AMBALA-134003

SUBMITTED TO:
Mrs. Seema Sharma
Desg: Head of Department (Electronics)

SUBMITTED BY:
Vishav Verma
B.TECH (Electronics and Communications)
7th Semester
4713309
ICL Institute of Engineering and Technology
ACKNOWLEDGEMENT
It is our pleasure to be indebted to the various people who
directly or indirectly contributed to the development of this
work and who influenced my thinking, behaviour and acts
during the course of study.
We express our sincere gratitude to our worthy Principal for
providing me an opportunity to undergo Technical Training as
part of the curriculum.
We are thankful to Mr. Lokesh Dogra for his support,
cooperation and motivation provided to us during the training,
and for his constant inspiration, presence and blessings.
Lastly, we would like to thank the almighty and our parents for
their moral support, and our friends with whom we shared our
day-to-day experience and received lots of suggestions that
improved our quality of work.

Vishav Verma
B.Tech(ECE)
4713309
7th Semester

CANDIDATE'S DECLARATION
I, Vishav Verma, bearing Roll No. 4713309, B.Tech (Semester 7th) of the
ICL Institute of Engineering & Technology, Sountli (Ambala), hereby declare
that the Training Report entitled "CCNA-Routing & Switching" is an
original work and the data provided in the study is authentic to the
best of my knowledge. This report has not been submitted to any other
Institute for the award of any other degree.

Vishav Verma
Place:

Date:

CONTENTS
Introduction(networking)
OSI and TCP/IP model
Routers and Routing protocols
Switch and Switching
LAN
WAN
Wireless Router
VLAN
ACLs
Network configuration steps

INTRODUCTION
In the world of computers, networking is the practice of interfacing two or more computing
devices with each other for the purpose of sharing data. Computer networks are built with a
combination of hardware and software.

Area Networks
Computer networks can be categorized in several different ways. One approach defines the
type of network according to the geographic area it spans.
Local area networks (LANs), for example, typically span a single home, school, or small
office building, whereas wide area networks (WANs), reach across cities, states, or even
across the world. The Internet is the world's largest public WAN.

Network Design
Computer networks also differ in their design approach. The two basic forms of network
design are called client/server and peer-to-peer. Client/server networks feature
centralized server computers that store email, Web pages, files, and/or applications. On a
peer-to-peer network, conversely, all computers tend to support the same functions. Client/server
networks are much more common in business and peer-to-peer networks much more
common in homes.
A network topology represents its layout or structure from the point of view of data flow. In
so-called bus networks, for example, all of the computers share and communicate across
one common conduit, whereas in a star network, all data flows through one centralized
device.
Common types of network topologies include bus, star, ring networks and mesh networks.

Network Protocols

The communication languages used by computer devices are called network protocols.


Yet another way to classify computer networks is by the set of protocols they support.

Networks often implement multiple protocols, each supporting specific applications.
The most common is TCP/IP, which is found on the Internet and in home networks.
Whether wired or wireless, most data communication today happens by way of packets
of information travelling over one or more networks. Before these networks can work
together, they must use a common protocol, a set of rules for transmitting and
receiving these packets of data. Many protocols have been developed. One of the most
widely used is the Transmission Control Protocol/Internet Protocol (TCP/IP). Also, a generic
protocol model used in describing network communications, known as the Open Systems
Interconnection (OSI) model, is useful for comparing and contrasting different protocols.

The OSI (Open Systems Interconnection) Model:


Designated ISO/IEC 7498-1, the OSI model is a standard of the International Organization
for Standardization (ISO). It is a general-purpose paradigm for discussing or describing how

computers communicate with one another over a network. Its seven-layered approach to
data transmission divides the many operations up into specific related groups of actions at
each layer (Fig. 1).

Fig. 1. In the OSI model, data flows down the transmit layers, over the physical link, and
then up through the receive layers.
The transmitting computer's software gives the data to be transmitted to the application layer,
where it is processed and passed from layer to layer down the stack, with each layer
performing its designated functions. The data is then transmitted over the physical layer of
the network until the destination computer or another device receives it. At this point the data
is passed up through the layers again, each layer performing its assigned operations until
the data is used by the receiving computer's software.
During transmission, each layer adds a header to the data that directs and identifies the
packet. This process is called encapsulation. The header and data together form the data
unit for the next layer which, in turn, adds its own header, and so on. The combined
encapsulated packet is then transmitted and received. The receiving computer reverses the
process, de-encapsulating the data at each layer with the header information directing the
operations. Then, the application finally uses the data. The process continues until all data
has been transmitted and received.
All of the necessary and desirable operations required are grouped together in a logical
sequence at each of the layers. Each layer is responsible for specific functions:
Layer 7 application: This layer works with the application software to provide
communications functions as required. It verifies the availability of a communications partner
and the resources to support any data transfer. It also works with end applications such as
the domain name service (DNS), file transfer protocol (FTP), hypertext transfer protocol (HTTP),
Internet message access protocol (IMAP), post office protocol (POP), simple mail transfer
protocol (SMTP), Telnet, and terminal emulation.
Layer 6 presentation: This layer checks the data to ensure that it is compatible with the
communications resources. It ensures compatibility between the data formats at the
applications level and the lower levels. It also handles any needed data formatting or code
conversion, as well as data compression and encryption.
Layer 5 session: Layer 5 software manages the dialogue between the two communicating
applications: establishing the session, maintaining it (including synchronization and
checkpointing), and ultimately terminating it. Some descriptions also place the
authentication and authorization of a session at this layer. Reliable delivery of the data
itself is not a session-layer job; that belongs to layer 4.

Layer 4 transport: This layer provides end-to-end delivery and flow control between the
communicating hosts and, for a reliable transport such as TCP, ensures complete delivery of
the data. Integrity is checked at this layer by a checksum and recovered by retransmission:
this is error detection plus retransmission, not error correction, and it offers no protection
against deliberate modification, which needs a cryptographic integrity check (for example
TLS) above this layer.
Layer 3 network: The network layer handles packet routing via logical addressing and
forwarding between networks.
Layer 2 data link: Layer 2 operations package and unpack the data in frames and address
them with physical (MAC) addresses on the local link.
Layer 1 physical: This layer defines the logic levels, data rate, physical media, and signal
conversion functions that carry the bit stream from one device to another.
There are two key points to make about the OSI model. First, the OSI model is just that, a
model. Its use is not mandated for networking, yet most protocols and systems adhere to it
quite closely. It is mainly useful for discussing, describing, and understanding individual
network functions.
Second, not all layers are used in some simpler applications. While layers 1, 2, and 3 are
mandatory for any data transmission, the application may use some unique interface layer to
the application instead of the usual upper layers of the model.

TCP/IP:
TCP/IP was developed during the 1970s as part of the Department of Defense's (DoD)
Advanced Research Projects Agency (ARPA) effort to build a nationwide packet data
network, replacing the ARPANET's original host protocol. It was first widely deployed on
UNIX-based computers in universities and government installations. Today, it is the main
protocol suite used in all Internet operations.

TCP/IP is also a layered protocol suite but does not use all of the OSI layers, though its layers
are equivalent in operation and function (Fig. 2). The network access layer is equivalent to
OSI layers 1 and 2. The Internet layer is comparable to layer 3 in the OSI model.
The host-to-host (transport) layer is equivalent to OSI layer 4; this is where TCP and UDP (user
datagram protocol) operate. Finally, the application layer is similar to OSI layers 5, 6, and 7
combined.

Fig. 2. The seven layers of the OSI model roughly correspond to the four layers that
make up the TCP/IP model.
The TCP layer packages the data into segments. A header that's added to the data includes
source and destination ports, a sequence number, an acknowledgment number, a
checksum for error detection (not correction), and some other information (Fig. 3). The
header is 20 octets (octet = 8 bits) without options, grouped in five 32-bit words; TCP options
can extend it to at most 60 octets. The bits are transmitted from left to right and top to bottom.

Fig. 3. The header is added and then removed during the encapsulation and de-encapsulation of the packet data at the TCP layer.
At the receiving end of the link, TCP reassembles the segments in the correct order and passes
them up the stack to the application. TCP retransmits a segment if it is lost or its checksum
fails. In any case, TCP's main job is to pack and unpack the data and provide some assurance
of the reliable transmission of error-free data. The IP layer actually carries the TCP segment.

12
The IP layer transmits the data over the network-access connection. IP adds its own header to
the packet (Fig. 4). The header is 20 octets without options (up to 60 with options), again
grouped in 32-bit words. Note the 32-bit source and destination addresses. These are the
well-known IP addresses that we see in dotted decimal format (e.g., 197.45.204.36) where
each 8-bit octet is expressed in its decimal value. Address space is allocated by the Internet
Assigned Numbers Authority (IANA) to the regional Internet registries and on to ISPs; the
address on a given device is assigned by its network administrator, statically or by DHCP,
from the block the organization holds.

Fig. 4. The IPv4 header is used during the Internet Protocol process in data transmission.
Note the 32-bit source and destination addresses.
The header in Figure 4 is that used in IP version 4 (IPv4). Since the IANA has run out of 32-bit
addresses (2^32 of them, about 4.3 billion), a newer version is being adopted. IPv6 uses 128-bit
addresses (Fig. 5). With 2^128 addresses, there should be enough for all of the planet's
computers, tablets, and smart phones as well as all of the devices that may be connected to
form the so-called Internet of Things (IoT).

Fig. 5. The IPv6 header for the Internet Protocol is similar to IPv4 but uses 128-bit
source and destination addresses.
Once the IP header is added to the data, it is transferred to the network access layer. This
layer encapsulates the packet again in an Ethernet frame, or the frame of some other
data-link protocol, for physical transmission. Those frames may in turn be carried over a DSL
or cable TV connection, or over a wide-area network using SONET or the optical transport
network (OTN).
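The encapsulation process and the TCP and IPv4 header layouts discussed above can be made concrete by building a packet and then parsing it back. The following Python is an added example; it is not code from this report or from Cisco, and the addresses, ports and HTTP payload in it are constructed for illustration. It packs the 20-octet TCP and IPv4 headers as 32-bit words, computes both Internet checksums (the TCP one over its pseudo-header), and shows that a checksum only detects corruption: a flipped bit is rejected, nothing is corrected.

```python
import socket
import struct

# Added example, not code from the report. All addresses, ports and the
# payload below are constructed for illustration.


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum used by the IPv4 and TCP checksums."""
    if len(data) % 2:
        data += b"\x00"                      # pad an odd trailing octet
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total


def checksum(data: bytes) -> int:
    """Internet checksum: one's complement of the one's-complement sum.
    Computing it over data that already holds a valid checksum yields 0."""
    return (~ones_complement_sum(data)) & 0xFFFF


def build_tcp_header(src_ip, dst_ip, src_port, dst_port, seq, ack, flags, payload):
    """20-octet TCP header (five 32-bit words, no options). The checksum
    covers a 12-octet pseudo-header taken from IP plus header and payload."""
    offset_flags = (5 << 12) | flags         # data offset = 5 words
    header = struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                         offset_flags, 65535, 0, 0)   # checksum field 0 for now
    pseudo = struct.pack("!4s4sBBH", socket.inet_aton(src_ip),
                         socket.inet_aton(dst_ip), 0, socket.IPPROTO_TCP,
                         len(header) + len(payload))
    csum = checksum(pseudo + header + payload)
    return header[:16] + struct.pack("!H", csum) + header[18:]


def build_ipv4_header(src_ip, dst_ip, payload_len, proto=socket.IPPROTO_TCP, ttl=64):
    """20-octet IPv4 header (IHL = 5, no options). Its checksum covers the
    header only; the payload is protected by TCP's own checksum."""
    header = struct.pack("!BBHHHBBH4s4s", (4 << 4) | 5, 0, 20 + payload_len,
                         0x1234, 0x4000, ttl, proto, 0,     # 0x4000 = don't fragment
                         socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    csum = checksum(header)
    return header[:10] + struct.pack("!H", csum) + header[12:]


def encapsulate(src_ip, dst_ip, src_port, dst_port, payload: bytes) -> bytes:
    """Walk the data down the stack: TCP header first, then the IP header."""
    tcp = build_tcp_header(src_ip, dst_ip, src_port, dst_port,
                           seq=1000, ack=0, flags=0x18, payload=payload)  # PSH|ACK
    ip = build_ipv4_header(src_ip, dst_ip, len(tcp) + len(payload))
    return ip + tcp + payload


def parse(packet: bytes) -> dict:
    """De-encapsulate: validate and strip the IPv4 header, then the TCP
    header. Raises ValueError on a bad version or a failed checksum."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[0] >> 4 != 4 or ihl < 20:
        raise ValueError("not an IPv4 header")
    if checksum(packet[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch")
    total_len = struct.unpack("!H", packet[2:4])[0]
    proto = packet[9]
    segment = packet[ihl:total_len]
    pseudo = struct.pack("!4s4sBBH", packet[12:16], packet[16:20], 0, proto, len(segment))
    if checksum(pseudo + segment) != 0:
        raise ValueError("TCP checksum mismatch")
    src_port, dst_port, seq, ack, offset_flags = struct.unpack("!HHIIH", segment[:14])
    data_offset = (offset_flags >> 12) * 4
    return {
        "src_ip": socket.inet_ntoa(packet[12:16]),
        "dst_ip": socket.inet_ntoa(packet[16:20]),
        "ttl": packet[8],
        "src_port": src_port, "dst_port": dst_port, "seq": seq, "ack": ack,
        "flags": offset_flags & 0x1FF,
        "payload": segment[data_offset:],
    }


def corruption_detected(packet: bytes, byte_index: int) -> bool:
    """Flip one bit and report whether parse() rejects the packet. A checksum
    locates nothing and fixes nothing: detection only, recovery is by
    retransmission at the TCP layer."""
    damaged = bytearray(packet)
    damaged[byte_index] ^= 0x01
    try:
        parse(bytes(damaged))
    except ValueError:
        return True
    return False


PAYLOAD = b"GET / HTTP/1.0\r\n\r\n"                     # constructed sample data
PACKET = encapsulate("197.45.204.36", "10.0.0.7", 40000, 80, PAYLOAD)

if __name__ == "__main__":
    print(len(PACKET), parse(PACKET))
    print(corruption_detected(PACKET, 8), corruption_detected(PACKET, 41))
```

Running the module prints the parsed fields and two True values: one for a bit flipped in the IPv4 TTL (caught by the header checksum) and one for a bit flipped in the payload (caught by the TCP checksum). Neither checksum is a defence against deliberate modification; whoever changes the data simply recomputes them.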


ROUTERS AND ROUTING PROTOCOLS:


Routers are Computers
A router is a computer, just like any other computer including a PC. The very first
router, used for the Advanced Research Projects Agency Network (ARPANET), was the
Interface Message Processor (IMP). The IMP was a ruggedized Honeywell DDP-516
minicomputer; this computer brought the ARPANET to life on August 30, 1969.

Note: The ARPANET was developed by Advanced Research Projects Agency (ARPA) of the
United States Department of Defense. The ARPANET was the world's first operational
packet switching network and the predecessor of today's Internet.

Routers have many of the same hardware and software components that are found in other
computers including:
CPU
RAM
ROM
Operating System
A router connects multiple networks. This means that it has multiple interfaces that
each belong to a different IP network. When a router receives an IP packet on one interface,
it determines which interface to use to forward the packet onto its destination. The interface
that the router uses to forward the packet may be the network of the final destination of the
packet (the network with the destination IP address of this packet), or it may be a network
connected to another router that is used to reach the destination network.


Each network that a router connects to typically requires a separate interface. These
interfaces are used to connect a combination of both Local Area Networks (LANs) and Wide
Area Networks (WANs). LANs are commonly Ethernet networks that contain devices such
as PCs, printers, and servers. WANs are used to connect networks over a large
geographical area. For example, a WAN connection is commonly used to connect a LAN to
the Internet Service Provider (ISP) network.

The primary responsibility of a router is to direct packets destined for local and remote
networks by:
Determining the best path to send packets
Forwarding packets toward their destination

The router uses its routing table to determine the best path to forward the packet. When the
router receives a packet, it examines its destination IP address and searches for the best
match with a network address in the router's routing table. The routing table also includes
the interface to be used to forward the packet. Once a match is found, the router
encapsulates the IP packet into the data link frame of the outgoing or exit interface, and the
packet is then forwarded toward its destination.


ROUTING PROTOCOLS
Static Routing
Remote networks are added to the routing table either by configuring static routes or by
enabling a dynamic routing protocol. When Cisco IOS learns about a remote network and the
interface that it will use to reach that network, it adds that route to the routing table as long
as the exit interface is up.
A static route includes the network address and subnet mask of the remote network, along
with the IP address of the next-hop router or the exit interface. Static routes are denoted with the
code S in the routing table, as shown in the figure. Static routes are examined in more detail
below.
When to Use Static Routes
Static routes should be used in the following cases:
A network consists of only a few routers. Using a dynamic routing protocol in such a case
does not present any substantial benefit. On the contrary, dynamic routing may add more
administrative overhead.
A network is connected to the Internet only through a single ISP. There is no need to use a
dynamic routing protocol across this link because the ISP represents the only exit point to
the Internet.
A large network is configured in a hub-and-spoke topology. A hub-and-spoke topology
consists of a central location (the hub) and multiple branch locations (spokes), with each
spoke having only one connection to the hub. Using dynamic routing would be unnecessary
because each branch has only one path to a given destination-through the central location.

Typically, most routing tables contain a combination of static routes and dynamic routes. But,
as stated earlier, the routing table must first contain the directly connected networks used to
access these remote networks before any static or dynamic routing can be used.

DYNAMIC ROUTING PROTOCOL


What exactly are dynamic routing protocols? Routing protocols are used to facilitate
the exchange of routing information between routers. Routing protocols allow routers to
dynamically share information about remote networks and automatically add this information
to their own routing tables.
Routing protocols determine the best path to each network which is then added to the
routing table. One of the primary benefits to using a dynamic routing protocol is that routers
exchange routing information whenever there is a topology change. This exchange allows
routers to automatically learn about new networks and also to find alternate paths when
there is a link failure to a current network.
Compared to static routing, dynamic routing protocols require less administrative overhead.
However, the expense of using dynamic routing protocols is dedicating part of a router's
resources for protocol operation including CPU time and network link bandwidth. Despite the
benefits of dynamic routing, static routing still has its place. There are times when static
routing is more appropriate and other times when dynamic routing is the better choice. More
often than not, you will find a combination of both types of routing in any network that has a
moderate level of complexity.


Static Routing Usage


Before identifying the benefits of dynamic routing protocols, we need to consider the
reasons why we would use static routing. Dynamic routing certainly has several advantages
over static routing. However, static routing is still used in networks today. In fact, networks
typically use a combination of both static and dynamic routing.

Static routing has several primary uses, including:


Providing ease of routing table maintenance in smaller networks that are not expected to
grow significantly.
Use of a single default route, used to represent a path to any network that does not have a
more specific match with another route in the routing table.
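The best-match lookup described under Routers, the rule that a route stays installed only while its exit interface is up, and the single default route mentioned above can be shown together in one small routing table. The Python below is an added example, not code from the report or from Cisco IOS; the interface names, prefixes and next hops are constructed for a branch router with one ISP link. It picks the longest matching prefix, resolves a next-hop-only static route recursively through the connected route that reaches the next hop, and falls back to the S* default for anything else.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Added example, not code from the report or from Cisco IOS. The table
# contents below are constructed; the prefixes are private/example ranges.


@dataclass(frozen=True)
class Route:
    code: str                              # "C" connected, "S" static, "S*" static default
    network: ipaddress.IPv4Network
    exit_interface: Optional[str] = None   # None for a next-hop-only static route
    next_hop: Optional[str] = None         # None for a directly connected network


class RoutingTable:
    def __init__(self, interfaces_up: Set[str]):
        self.interfaces_up = set(interfaces_up)
        self._routes: List[Route] = []

    def add(self, route: Route) -> None:
        self._routes.append(route)

    def lookup(self, dst: str) -> Optional[Route]:
        """Best match = the usable route with the longest prefix containing dst.
        A route whose exit interface is down is not usable (it leaves the table)."""
        addr = ipaddress.IPv4Address(dst)
        usable = [r for r in self._routes
                  if r.exit_interface is None or r.exit_interface in self.interfaces_up]
        matches = [r for r in usable if addr in r.network]
        if not matches:
            return None                    # no route, not even a default: packet dropped
        return max(matches, key=lambda r: r.network.prefixlen)

    def forward(self, dst: str) -> Optional[Tuple[str, str]]:
        """Return (exit interface, address to frame the packet to). A static
        route that names only a next hop is resolved by looking that hop up."""
        route = self.lookup(dst)
        if route is None:
            return None
        exit_if, next_hop = route.exit_interface, route.next_hop
        for _ in range(8):                 # bounded recursive resolution
            if exit_if is not None:
                return exit_if, next_hop if next_hop is not None else dst
            if next_hop is None:
                return None
            via = self.lookup(next_hop)
            if via is None or via is route:
                return None                # next hop is unreachable
            route, exit_if = via, via.exit_interface
            if via.next_hop is not None:
                next_hop = via.next_hop
        return None

    def show(self) -> List[str]:
        """Installed routes, in the spirit of 'show ip route'."""
        lines = []
        for r in self._routes:
            if r.exit_interface is not None and r.exit_interface not in self.interfaces_up:
                continue
            if r.next_hop is None:
                lines.append(f"{r.code:<3}{r.network} is directly connected, {r.exit_interface}")
            else:
                lines.append(f"{r.code:<3}{r.network} via {r.next_hop}")
        return lines


def example_table() -> RoutingTable:
    """Branch router with one ISP link: three connected networks, one static
    route for the rest of 172.16.0.0/16 and a static default toward the ISP."""
    rt = RoutingTable(interfaces_up={"Gi0/0", "Gi0/1", "Se0/0/0"})
    rt.add(Route("C", ipaddress.IPv4Network("192.168.1.0/24"), "Gi0/0"))
    rt.add(Route("C", ipaddress.IPv4Network("172.16.5.0/24"), "Gi0/1"))
    rt.add(Route("C", ipaddress.IPv4Network("10.0.0.0/30"), "Se0/0/0"))
    rt.add(Route("S", ipaddress.IPv4Network("172.16.0.0/16"), next_hop="10.0.0.2"))
    rt.add(Route("S*", ipaddress.IPv4Network("0.0.0.0/0"), next_hop="10.0.0.2"))
    return rt


if __name__ == "__main__":
    rt = example_table()
    print("\n".join(rt.show()))
    for dst in ("172.16.5.9", "172.16.40.1", "8.8.8.8"):
        print(dst, "->", rt.forward(dst))
    rt.interfaces_up.discard("Se0/0/0")    # ISP link goes down
    print("8.8.8.8 with Se0/0/0 down ->", rt.forward("8.8.8.8"))
```

172.16.5.9 leaves by the connected /24 even though the /16 static also matches, which is the longest-match rule; when the serial link goes down the connected /30 leaves the table, so the default route's next hop can no longer be resolved and Internet-bound traffic is dropped rather than misrouted.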


Static Routing Advantages and Disadvantages


When the features of dynamic and static routing are compared directly, we can list the
advantages of each routing method. The advantages of one method are the disadvantages of
the other.
Static routing advantages:
Minimal CPU processing.
Easier for administrator to understand.
Easy to configure.

Static routing disadvantages:


Configuration and maintenance is time-consuming.
Configuration is error-prone, especially in large networks.
Administrator intervention is required to maintain changing route information.
Does not scale well with growing networks; maintenance becomes cumbersome.
Requires complete knowledge of the whole network for proper implementation.


Dynamic Routing Advantages and Disadvantages


Dynamic routing advantages:
Administrator has less work maintaining the configuration when adding or deleting networks.
Protocols automatically react to the topology changes.
Configuration is less error-prone.
More scalable, growing the network usually does not present a problem.
Dynamic routing disadvantages:
Router resources are used (CPU cycles, memory and link bandwidth).
More administrator knowledge is required for configuration, verification, and troubleshooting.

Dynamic Routing Protocols Classification


Routing protocols can be classified into different groups according to their characteristics.
The most commonly used routing protocols are:
RIP - A distance vector interior routing protocol
IGRP - A distance vector interior routing protocol developed by Cisco (deprecated; removed from
Cisco IOS 12.3 onward)
OSPF - A link-state interior routing protocol
IS-IS - A link-state interior routing protocol
EIGRP - The advanced distance vector interior routing protocol developed by Cisco
BGP - A path vector exterior routing protocol

Note: IS-IS and BGP are beyond the scope of this course and are covered in the CCNP
curriculum.


SWITCH:
A network switch (also called switching hub, bridging hub, officially MAC bridge[1]) is
a computer networking device that connects devices together on a computer network, by
using packet switching to receive, process and forward data to the destination device. Unlike
less advanced network hubs, a network switch forwards data only to one or multiple devices
that need to receive it, rather than broadcasting the same data out of each of its ports.[2]
A network switch is a multiport network bridge that uses hardware addresses to process and
forward data at the data link layer (layer 2) of the OSI model. Switches can also process
data at the network layer (layer 3) by additionally incorporating routing functionality that most
commonly uses IP addresses to perform packet forwarding; such switches are commonly
known as layer-3 switches or multilayer switches.[3] Besides the most common Ethernet
switches, switches exist for various other types of networks, including Fibre
Channel, Asynchronous Transfer Mode, and InfiniBand. The first Ethernet switch was
introduced by Kalpana in 1990.

SWITCHING
LAN switching is a form of packet switching used in local area networks (LANs). Switching
technologies are crucial to network design, as they allow traffic to be sent only where it is
needed in most cases, using fast, hardware-based methods. LAN switching uses different
kinds of network switches. A basic switch is a layer 2 switch and can be found in
nearly every LAN. Layer 3 and layer 4 switches require more advanced technology
(see managed switch) and are more expensive, and thus are found in larger LANs or in
special network environments.


LAYER 2 SWITCHING
Layer 2 switching uses the media access control address (MAC address) from the
host's network interface cards (NICs) to decide where to forward frames. Layer 2 switching
is hardware-based,[1] which means switches use application-specific integrated
circuit (ASICs) to build and maintain filter tables (also known as MAC address tables or CAM
tables). One way to think of a layer 2 switch is as a multiport bridge.
Layer 2 switching provides the following:
Hardware-based bridging (MAC)
Wire speed
High speed
Low latency

Layer 2 switching is highly efficient because there is no modification to the data packet, only
to the frame encapsulation of the packet, and only when the data packet is passing through
dissimilar media (such as from Ethernet to FDDI). Layer 2 switching is used for workgroup
connectivity and network segmentation (breaking up collision domains). This allows a flatter
network design with more network segments than traditional 10BaseT shared networks.
Layer 2 switching has helped develop new components in the network infrastructure.

Server farms: Servers are no longer distributed to physical locations because
virtual LANs can be created to create broadcast domains in a switched internetwork.
This means that all servers can be placed in a central location, yet a certain server can
still be part of a workgroup in a remote branch, for example.
Intranets: Allow organization-wide client/server communications based on Web
technology.

These new technologies allow more data to flow off from local subnets and onto a routed
network, where a router's performance can become the bottleneck.

Limitations
Layer 2 switches have the same limitations as bridge networks. Bridges are good if a
network is designed by the 80/20 rule: users spend 80 percent of their time on their local
segment.
Bridged networks break up collision domains, but the network remains one large broadcast
domain. Similarly, layer 2 switches (bridges) cannot break up broadcast domains, which can
cause performance issues and limits the size of your network. Broadcasts and multicasts,
along with the slow convergence of spanning tree, can cause major problems as the network
grows. Because of these problems, layer 2 switches cannot completely replace routers in the
internetwork.


LAN
For the small- and medium-sized business, communicating digitally using data, voice, and
video is critical to business survival. Consequently, a properly designed LAN is a
fundamental requirement for doing business today. You must be able to recognize a well-designed
LAN and select the appropriate devices to support the network specifications of a
small- or medium-sized business.

A local area network (LAN) is a computer network that interconnects computers within a
limited area such as a residence, school, laboratory, or office building.[1] A local area network
is contrasted in principle to a wide area network (WAN), which covers a larger geographic
distance and may involve leased telecommunication circuits, while the media for LANs are
locally managed.
Ethernet over twisted pair cabling and Wi-Fi are the two most common transmission
technologies in use for local area networks. Historical technologies include ARCNET, Token
Ring, and AppleTalk.


The Hierarchical Network Model


When building a LAN that satisfies the needs of a small- or medium-sized business,
your plan is more likely to be successful if a hierarchical design model is used. Compared to
other network designs, a hierarchical network is easier to manage and expand, and
problems are solved more quickly.
Hierarchical network design involves dividing the network into discrete layers. Each layer
provides specific functions that define its role within the overall network. By separating the
various functions that exist on a network, the network design becomes modular, which
facilitates scalability and performance. The typical hierarchical design model is broken up in
to three layers: access, distribution, and core. An example of a three-layer hierarchical
network design is displayed in the figure.

Access Layer
The access layer interfaces with end devices, such as PCs, printers, and IP phones, to
provide access to the rest of the network. The access layer can include routers, switches,
bridges, hubs, and wireless access points (AP). The main purpose of the access layer is to
provide a means of connecting devices to the network and controlling which devices are
allowed to communicate on the network.
Distribution Layer
The distribution layer aggregates the data received from the access layer switches before it
is transmitted to the core layer for routing to its final destination. The distribution layer
controls the flow of network traffic using policies and delineates broadcast domains by
performing routing functions between virtual LANs (VLANs) defined at the access layer.
VLANs allow you to segment the traffic on a switch into separate subnetworks. For example,
in a university you might separate traffic according to faculty, students, and guests.
Distribution layer switches are typically high-performance devices that have high availability
and redundancy to ensure reliability. VLANs, broadcast domains, and inter-VLAN routing are
covered later in this report.
Core Layer
The core layer of the hierarchical design is the high-speed backbone of the internetwork.
The core layer is critical for interconnectivity between distribution layer devices, so it is
important for the core to be highly available and redundant. The core area can also connect
to Internet resources. The core aggregates the traffic from all the distribution layer devices,
so it must be capable of forwarding large amounts of data quickly.
Note: In smaller networks, it is not unusual to implement a collapsed core model, where the
distribution layer and core layer are combined into one layer.

Benefits of a Hierarchical Network


There are many benefits associated with hierarchical network designs.
Scalability
Hierarchical networks scale very well. The modularity of the design allows you to replicate
design elements as the network grows. Because each instance of the module is consistent,
expansion is easy to plan and implement. For example, if your design model consists of two
distribution layer switches for every 10 access layer switches, you can continue to add
access layer switches until you have 10 access layer switches cross-connected to the two
distribution layer switches before you need to add additional distribution layer switches to the
network topology. Also, as you add more distribution layer switches to accommodate the
load from the access layer switches, you can add additional core layer switches to handle
the additional load on the core.
Redundancy

As a network grows, availability becomes more important. You can dramatically increase
availability through easy redundant implementations with hierarchical networks. Access layer
switches are connected to two different distribution layer switches to ensure path
redundancy. If one of the distribution layer switches fails, the access layer switch can switch
to the other distribution layer switch. Additionally, distribution layer switches are connected to
two or more core layer switches to ensure path availability if a core switch fails. The only
layer where redundancy is limited is at the access layer. Typically, end node devices, such
as PCs, printers, and IP phones, do not have the ability to connect to multiple access layer
switches for redundancy. If an access layer switch fails, just the devices connected to that
one switch would be affected by the outage. The rest of the network would continue to
function unaffected.
Performance
Communication performance is enhanced by avoiding the transmission of data through low-performing, intermediary switches. Data is sent through aggregated switch port links from
the access layer to the distribution layer at near wire speed in most cases. The distribution
layer then uses its high performance switching capabilities to forward the traffic up to the
core, where it is routed to its final destination. Because the core and distribution layers
perform their operations at very high speeds, there is no contention for network bandwidth.
As a result, properly designed hierarchical networks can achieve near wire speed between
all devices.
Security
Security is improved and easier to manage. Access layer switches can be configured with
various port security options that provide control over which devices are allowed to connect
to the network. You also have the flexibility to use more advanced security policies at the
distribution layer. You may apply access control policies that define which communication
protocols are deployed on your network and where they are permitted to go. For example, if
you want to limit the use of HTTP to a specific user community connected at the access

layer, you could apply a policy that blocks HTTP traffic at the distribution layer. Restricting
traffic based on higher layer protocols, such as IP and HTTP, requires that your switches are
able to process policies at that layer. Some access layer switches support Layer 3
functionality, but it is usually the job of the distribution layer switches to process Layer 3
data, because they can process it much more efficiently.
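The MAC-address (CAM) table learning described under Layer 2 switching and the port-security controls mentioned in the Security paragraph above can be exercised together in a small learning-switch model. The following Python is an added example, not code from the report or from any switch vendor; the port names and MAC addresses (00:00:5e:00:53:xx is a documentation range) are constructed. It learns source addresses, forwards known unicast out a single port, floods broadcasts and unknown unicast, and shows why a per-port maximum matters: a port that introduces more source addresses than the table can hold forces later traffic to be flooded to every port, including its own.

```python
from typing import Dict, List, Optional, Set, Tuple

# Added example, not code from the report or from a switch vendor. Port names
# and MAC addresses are constructed; 00:00:5e:00:53:xx is a documentation range.

BROADCAST = "ff:ff:ff:ff:ff:ff"


def is_group_address(mac: str) -> bool:
    """Broadcast and multicast MACs have the low bit of the first octet set."""
    return (int(mac.split(":")[0], 16) & 1) == 1


class Switch:
    def __init__(self, ports: List[str], cam_capacity: Optional[int] = None,
                 port_security_max: Optional[Dict[str, int]] = None):
        self.ports = list(ports)
        self.cam: Dict[str, str] = {}             # MAC -> port (the filter table)
        self.cam_capacity = cam_capacity          # hardware table size; None = unbounded
        self.max_per_port = port_security_max or {}   # port -> allowed source MACs
        self.err_disabled: Set[str] = set()
        self.log: List[str] = []

    def learned_on(self, port: str) -> List[str]:
        return [m for m, p in self.cam.items() if p == port]

    def receive(self, in_port: str, src: str, dst: str) -> List[str]:
        """Process one frame and return the list of egress ports."""
        if in_port in self.err_disabled:
            return []
        limit = self.max_per_port.get(in_port)
        known_here = self.learned_on(in_port)
        if limit is not None and src not in known_here and len(known_here) >= limit:
            # port security 'violation shutdown': the port goes err-disabled
            self.err_disabled.add(in_port)
            self.log.append(f"{in_port}: port-security violation by {src}, err-disabled")
            return []
        # learn the source (a host that moved port is updated); a full table learns nothing
        if src in self.cam or self.cam_capacity is None or len(self.cam) < self.cam_capacity:
            self.cam[src] = in_port
        # forward: known unicast out one port, everything else flooded
        if is_group_address(dst) or dst not in self.cam:
            return [p for p in self.ports if p != in_port and p not in self.err_disabled]
        out = self.cam[dst]
        return [] if out == in_port else [out]    # same segment as the sender: filter


def cam_overflow_demo() -> bool:
    """A host on Fa0/1 fills a four-entry table with bogus sources. Host C on
    Fa0/3 can then no longer be learned, so B's unicast to C is flooded and
    Fa0/1 receives it. Returns True when Fa0/1 is in the egress list."""
    sw = Switch(["Fa0/1", "Fa0/2", "Fa0/3"], cam_capacity=4)
    for i in range(4):
        sw.receive("Fa0/1", f"de:ad:be:ef:00:{i:02x}", BROADCAST)
    sw.receive("Fa0/3", "00:00:5e:00:53:03", BROADCAST)          # host C, not learned
    egress = sw.receive("Fa0/2", "00:00:5e:00:53:02", "00:00:5e:00:53:03")
    return "Fa0/1" in egress


def port_security_demo() -> Tuple[bool, List[str]]:
    """Same traffic with a maximum of one source MAC on Fa0/1: the second
    source shuts the port, the table stays small, and B's frame goes only to Fa0/3."""
    sw = Switch(["Fa0/1", "Fa0/2", "Fa0/3"], cam_capacity=4,
                port_security_max={"Fa0/1": 1})
    for i in range(4):
        sw.receive("Fa0/1", f"de:ad:be:ef:00:{i:02x}", BROADCAST)
    sw.receive("Fa0/3", "00:00:5e:00:53:03", BROADCAST)
    egress = sw.receive("Fa0/2", "00:00:5e:00:53:02", "00:00:5e:00:53:03")
    return "Fa0/1" in egress, sw.log


if __name__ == "__main__":
    print("unicast leaked to Fa0/1 without port security:", cam_overflow_demo())
    print("with port security:", port_security_demo())
```

The model is deliberately simple (no aging, no VLANs, no spanning tree), but the forwarding decision is the real one: a frame is switched to exactly one port only while the destination is in the table, and anything that keeps a destination out of the table turns the switch back into a hub for that traffic. That is the concrete reason the access layer limits how many addresses a port may introduce.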
Manageability
Manageability is relatively simple on a hierarchical network. Each layer of the hierarchical
design performs specific functions that are consistent throughout that layer. Therefore, if you
need to change the functionality of an access layer switch, you could repeat that change
across all access layer switches in the network because they presumably perform the same
functions at their layer. Deployment of new switches is also simplified because switch
configurations can be copied between devices with very few modifications. Consistency
between the switches at each layer allows for rapid recovery and simplified troubleshooting.
In some special situations, there could be configuration inconsistencies between devices, so
you should ensure that configurations are well documented so that you can compare them
before deployment.
Maintainability
Because hierarchical networks are modular in nature and scale very easily, they are easy to
maintain. With other network topology designs, manageability becomes increasingly
complicated as the network grows. Also, in some network design models, there is a finite
limit to how large the network can grow before it becomes too complicated and expensive to
maintain. In the hierarchical design model, switch functions are defined at each layer,
making the selection of the correct switch easier. Adding switches to one layer does not
necessarily mean there will not be a bottleneck or other limitation at another layer. For a full
mesh network topology to achieve maximum performance, all switches need to be
high-performance switches, because each switch needs to be capable of performing all the
functions on the network. In the hierarchical model, switch functions are different at each
layer. You can save money by using less expensive access layer switches at the lowest
layer, and spend more on the distribution and core layer switches to achieve high
performance on the network.

Hierarchical Network Design Principles


Just because a network seems to have a hierarchical design does not mean that the network
is well designed. These simple guidelines will help you differentiate between well-designed
and poorly designed hierarchical networks. This section is not intended to provide you with
all the skills and knowledge you need to design a hierarchical network, but it offers you an
opportunity to begin to practice your skills by transforming a flat network topology into a
hierarchical network topology.
Network Diameter
When designing a hierarchical network topology, the first thing to consider is network
diameter. Diameter is usually a measure of distance, but in this case, we are using the term
to measure the number of devices. Network diameter is the number of devices that a packet
has to cross before it reaches its destination. Keeping the network diameter low ensures low
and predictable latency between devices.
Each switch in the path introduces some degree of latency. Network device latency is the
time spent by a device as it processes a packet or frame. Each switch has to determine the
destination MAC address of the frame, check its MAC address table, and forward the frame
out the appropriate port. Even though that entire process happens in a fraction of a second,
the time adds up when the frame has to cross many switches.
In the three-layer hierarchical model, Layer 2 segmentation at the distribution layer
practically eliminates network diameter as an issue. In a hierarchical network, network
diameter is always going to be a predictable number of hops between the source and
destination devices.

Bandwidth Aggregation
Each layer in the hierarchical network model is a possible candidate for bandwidth
aggregation. Bandwidth aggregation is the practice of considering the specific bandwidth
requirements of each part of the hierarchy. After bandwidth requirements of the network are
known, links between specific switches can be aggregated, which is called link aggregation.
Link aggregation allows multiple switch port links to be combined so as to achieve higher
throughput between switches. Cisco has a proprietary link aggregation technology called
EtherChannel, which allows multiple Ethernet links to be consolidated. A discussion of
EtherChannel is beyond the scope of this course. To learn more, visit:
http://www.cisco.com/en/US/tech/tk389/tk213/tsd_technology_support_protocol_home.html.
Redundancy
Redundancy is one part of creating a highly available network. Redundancy can be provided
in a number of ways. For example, you can double up the network connections between
devices, or you can double the devices themselves. This chapter explores how to employ
redundant network paths between switches. A discussion on doubling up network devices
and employing special network protocols to ensure high availability is beyond the scope of
this course. For an interesting discussion on high availability, visit:
http://www.cisco.com/en/US/products/ps6550/products_ios_technology_home.html.
Implementing redundant links can be expensive. Imagine if every switch in each layer of the
network hierarchy had a connection to every switch at the next layer. It is unlikely that you
will be able to implement redundancy at the access layer because of the cost and limited
features in the end devices, but you can build redundancy into the distribution and core
layers of the network.
Some network failure scenarios can never be prevented, for example, if the power goes out
in the entire city, or the entire building is demolished because of an earthquake. Redundancy
does not attempt to address these types of disasters. To learn more about how a business
can continue to work and recover from a disaster, visit:
http://www.cisco.com/en/US/netsol/ns516/networking_solutions_package.html.

Start at the Access Layer


Imagine that a new network design is required. Design requirements, such as the level of
performance or redundancy necessary, are determined by the business goals of the
organization. Once the design requirements are documented, the designer can begin
selecting the equipment and infrastructure to implement the design.
When you start the equipment selection at the access layer, you can ensure that you
accommodate all network devices needing access to the network. After you have all end
devices accounted for, you have a better idea of how many access layer switches you need.
The number of access layer switches, and the estimated traffic that each generates, helps
you to determine how many distribution layer switches are required to achieve the
performance and redundancy needed for the network. After you have determined the
number of distribution layer switches, you can identify how many core switches are required
to maintain the performance of the network. A thorough discussion on how to determine
which switch to select based on traffic flow analysis and how many core switches are
required to maintain performance is beyond the scope of this course. For a good introduction
to network design, read this book that is available from Ciscopress.com: Top-Down Network
Design, by Priscilla Oppenheimer (2004).

WAN

A wide area network (WAN) is a telecommunications network or computer network that
extends over a large geographical distance. Wide area networks often are
established with leased telecommunication circuits.
Business, education and government entities use wide area networks to relay data among
staff, students, clients, buyers, and suppliers from various geographical locations. In
essence, this mode of telecommunication allows a business to effectively carry out its daily
function regardless of location. The Internet may be considered a WAN.
Related terms for other types of networks are personal area networks (PANs), local area
networks (LANs), campus area networks (CANs), or metropolitan area networks (MANs)
which are usually limited to a room, building, campus or specific metropolitan area
respectively.
Design Options
The textbook definition of a WAN is a computer network spanning regions, countries, or
even the world. However, in terms of the application of computer networking protocols and
concepts, it may be best to view WANs as computer networking technologies used to
transmit data over long distances, and between different LANs, MANs and other localised
computer networking architectures. This distinction stems from the fact that common LAN
technologies operating at Layer 1/2 (such as the forms of Ethernet or Wi-Fi) are often geared
towards physically localised networks, and thus cannot transmit data over tens, hundreds or
even thousands of miles or kilometres.
WANs do not necessarily connect only physically separate LANs. A CAN, for example, may
have a localised backbone of a WAN technology, which connects different LANs within a
campus. This could be to facilitate higher bandwidth applications, or provide better
functionality for users in the CAN.
WANs are used to connect LANs and other types of networks together, so that users and
computers in one location can communicate with users and computers in other locations.
Many WANs are built for one particular organization and are private. Others, built by Internet
service providers, provide connections from an organization's LAN to the Internet. WANs are
often built using leased lines. At each end of the leased line, a router connects the LAN on
one side with a second router within the LAN on the other. Leased lines can be very
expensive. Instead of using leased lines, WANs can also be built using less costly circuit
switching or packet switching methods. Network protocols including TCP/IP deliver transport
and addressing functions. Protocols including Packet over SONET/SDH, MPLS, ATM and
Frame Relay are often used by service providers to deliver the links that are used in WANs.
X.25 was an important early WAN protocol, and is often considered to be the "grandfather"
of Frame Relay, as many of the underlying protocols and functions of X.25 are still in use
today (with upgrades) by Frame Relay.
Academic research into wide area networks can be broken down into three
areas: mathematical models, network emulation and network simulation.
Performance improvements are sometimes delivered via wide area file services or WAN
optimization.
Connection Technology
Many technologies are available for wide area network links. Examples include circuit
switched telephone lines, radio wave transmission, and optic fiber. New developments in
technologies have successively increased transmission rates. In ca. 1960, a 110 bit/s (bits
per second) line was normal on the edge of the WAN, while core links of 56 kbit/s to 64 kbit/s
were considered fast. As of 2014, households are connected to the Internet
with ADSL, Cable, Wimax, 4G or fiber at speeds ranging from 1 Mbit/s to 1 Gbit/s and the
connections in the core of a WAN can range from 1 Gbit/s to 100 Gbit/s.

Wireless Router
Wireless routers perform the role of access point, Ethernet switch, and router. For example,
the Linksys WRT300N used in this training is really three devices in one box. First, there is
the wireless access point, which performs the typical functions of an access point. A built-in
four-port, full-duplex, 10/100 switch provides connectivity to wired devices. Finally, the
router function provides a gateway for connecting to other network infrastructures.
The WRT300N is most commonly used as a small business or residential wireless access
device. The expected load on the device is low enough that it should be able to manage the
provision of WLAN, 802.3 Ethernet, and the connection to an ISP.

Configurable Parameters for Wireless Endpoints


Several processes should occur to create a connection between client and access point. You
have to configure parameters on the access point-and subsequently on your client device-to
enable the negotiation of these processes.
The wireless network mode refers to the WLAN protocols: 802.11a, b, g, or n. Because
802.11g is backward compatible with 802.11b, access points support both standards.
Remember that if all the clients connect to an access point with 802.11g, they all enjoy the
better data rates provided. When 802.11b clients associate with the access point all the
faster clients contending for the channel have to wait on 802.11b clients to clear the channel
before transmitting. When a Linksys access point is configured to allow both 802.11b and
802.11g clients, it is operating in mixed mode.
For an access point to support 802.11a as well as 802.11b and g, it must have a second
radio to operate in the different RF band.

A shared service set identifier (SSID) is a unique identifier that client devices use to
distinguish between multiple wireless networks in the same vicinity. Several access points on
a network can share an SSID. The figure shows an example of SSIDs distinguishing
between WLANs, each of which can be any alphanumeric, case-sensitive entry from 2 to 32
characters long.

The IEEE 802.11 standard establishes the channelization scheme for the use of the
unlicensed ISM RF bands in WLANs. The 2.4 GHz band is broken down into 11 channels for
North America and 13 channels for Europe. These channels have a center frequency
separation of only 5 MHz and an overall channel bandwidth (or frequency occupation) of 22
MHz. The 22 MHz channel bandwidth combined with the 5 MHz separation between center
frequencies means there is an overlap between successive channels. Best practices for
WLANs that require multiple access points are set to use non-overlapping channels. If there
are three adjacent access points, use channels 1, 6, and 11. If there are just two, select any
two that are five channels apart, such as channels 5 and 10. Many access points can
automatically select a channel based on adjacent channel use. Some products continuously
monitor the radio space to adjust the channel settings dynamically in response to
environmental changes.
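The channel arithmetic above can be checked mechanically. The following Python is an added worked example, not code from the report or from any vendor: it computes the 2.4 GHz center frequencies (channel n sits at 2407 + 5n MHz for channels 1 to 13, channel 14 apart at 2484 MHz), tests two channels for overlap using the 22 MHz occupation stated above, picks a set of non-overlapping channels, and spreads a list of access points over them. The access point names are made up for the example.

```python
"""2.4 GHz channel overlap and channel selection (added worked example, not from the report)."""
from typing import Dict, Iterable, List

CHANNEL_WIDTH_MHZ = 22    # occupied bandwidth of one channel, as stated in the section above
CHANNEL_SPACING_MHZ = 5   # center-frequency separation of successive channels


def center_frequency_mhz(channel: int) -> int:
    """Center frequency of 2.4 GHz channels 1-13; channel 14 sits apart at 2484 MHz."""
    if 1 <= channel <= 13:
        return 2407 + CHANNEL_SPACING_MHZ * channel
    if channel == 14:
        return 2484
    raise ValueError(f"no such 2.4 GHz channel: {channel}")


def channels_overlap(a: int, b: int) -> bool:
    """Two channels overlap when their centers are closer than one channel width."""
    return abs(center_frequency_mhz(a) - center_frequency_mhz(b)) < CHANNEL_WIDTH_MHZ


def non_overlapping_channels(available: Iterable[int]) -> List[int]:
    """Greedily pick the largest set of mutually non-overlapping channels, lowest first."""
    chosen: List[int] = []
    for ch in sorted(set(available)):
        if all(not channels_overlap(ch, c) for c in chosen):
            chosen.append(ch)
    return chosen


def assign_channels(access_points: List[str], available: Iterable[int]) -> Dict[str, int]:
    """Spread access points (listed in placement order) round-robin over the usable channels.

    Adjacent access points therefore never share a channel as long as at least
    two non-overlapping channels exist in the regulatory domain.
    """
    usable = non_overlapping_channels(available)
    if not usable:
        raise ValueError("no channels available")
    return {ap: usable[i % len(usable)] for i, ap in enumerate(access_points)}


if __name__ == "__main__":
    # Hypothetical access point names; North America allows channels 1-11
    print(assign_channels(["AP-lobby", "AP-floor1", "AP-floor2"], range(1, 12)))
```

With channels 1 to 11 the greedy pick returns 1, 6 and 11, and any two channels five apart (for instance 5 and 10, 25 MHz between centers) are reported as non-overlapping, which matches the guidance above; channels four apart (1 and 5, 20 MHz) are reported as overlapping.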
802.11 Topologies
Wireless LANs can accommodate various network topologies. When describing these
topologies, the fundamental building block of the IEEE 802.11 WLAN architecture is the
basic service set (BSS). The standard defines a BSS as a group of stations that
communicate with each other.

Ad hoc Networks
Wireless networks can operate without access points; this is called an ad hoc topology.
Client stations which are configured to operate in ad hoc mode configure the wireless
parameters between themselves. The IEEE 802.11 standard refers to an ad hoc network as
an independent BSS (IBSS).
Basic Service Sets
Access points provide an infrastructure that adds services and improves the range for
clients. A single access point in infrastructure mode manages the wireless parameters and
the topology is simply a BSS. The coverage area for both an IBSS and a BSS is the basic
service area (BSA).
Extended Service Sets
When a single BSS provides insufficient RF coverage, one or more can be joined through a
common distribution system into an extended service set (ESS). In an ESS, one BSS is
differentiated from another by the BSS identifier (BSSID), which is the MAC address of the
access point serving the BSS. The coverage area is the extended service area (ESA).
Common Distribution System
The common distribution system allows multiple access points in an ESS to appear to be a
single BSS. An ESS generally includes a common SSID to allow a user to roam from access
point to access point.
Cells represent the coverage area provided by a single channel. An ESS should have 10 to
15 percent overlap between cells in an extended service area. With a 15 percent overlap
between cells, an SSID, and non-overlapping channels (one cell on channel 1 and the other
on channel 6), roaming capability can be created.

VLAN
A VLAN is a logically separate IP subnetwork. VLANs allow multiple IP networks and
subnets to exist on the same switched network. The figure shows a network with three
computers. For computers to communicate on the same VLAN, each must have an IP
address and a subnet mask that is consistent for that VLAN. The switch has to be configured
with the VLAN and each port in the VLAN must be assigned to the VLAN. A switch port with
a singular VLAN configured on it is called an access port. Remember, just because two
computers are physically connected to the same switch does not mean that they can
communicate. Devices on two separate networks and subnets must communicate via a
router (Layer 3), whether or not VLANs are used. You do not need VLANs to have multiple
networks and subnets on a switched network, but there are definite advantages to using
VLANs.
Benefits of a VLAN
User productivity and network adaptability are key drivers for business growth and success.
Implementing VLAN technology enables a network to more flexibly support business goals.
The primary benefits of using VLANs are as follows:
1. Security - Groups that have sensitive data are separated from the rest of the network,
decreasing the chances of confidential information breaches. Faculty computers are on
VLAN 10 and completely separated from student and guest data traffic.
2. Cost reduction - Cost savings result from less need for expensive network upgrades and
more efficient use of existing bandwidth and uplinks.
3. Higher performance - Dividing flat Layer 2 networks into multiple logical workgroups
(broadcast domains) reduces unnecessary traffic on the network and boosts
performance.
4. Broadcast storm mitigation - Dividing a network into VLANs reduces the number of
devices that may participate in a broadcast storm. As discussed in the "Configure a
Switch" chapter, LAN segmentation prevents a broadcast storm from propagating to the
whole network. In the figure you can see that although there are six computers on this
network, there are only three broadcast domains: Faculty, Student, and Guest.
5. Improved IT staff efficiency - VLANs make it easier to manage the network because users
with similar network requirements share the same VLAN. When you provision a new
switch, all the policies and procedures already configured for the particular VLAN are
implemented when the ports are assigned. It is also easy for the IT staff to identify the
function of a VLAN by giving it an appropriate name. In the figure, for easy identification
VLAN 20 has been named "Student", VLAN 10 could be named "Faculty", and VLAN 30
"Guest."
6. Simpler project or application management - VLANs aggregate users and network
devices to support business or geographic requirements. Having separate functions
makes managing a project or working with a specialized application easier, for example,
an e-learning development platform for faculty. It is also easier to determine the scope of
the effects of upgrading network services.

VLAN ID Ranges
Access VLANs are divided into either a normal range or an extended range.
Normal Range VLANs
Used in small- and medium-sized business and enterprise networks.
Identified by a VLAN ID between 1 and 1005.
IDs 1002 through 1005 are reserved for Token Ring and FDDI VLANs.
IDs 1 and 1002 to 1005 are automatically created and cannot be removed. You will learn
more about VLAN 1 later in this chapter.
Configurations are stored within a VLAN database file, called vlan.dat. The vlan.dat file is
located in the flash memory of the switch.
The VLAN trunking protocol (VTP), which helps manage VLAN configurations between
switches, can only learn normal range VLANs and stores them in the VLAN database file.

Extended Range VLANs


Enable service providers to extend their infrastructure to a greater number of customers.
Some global enterprises could be large enough to need extended range VLAN IDs.
Are identified by a VLAN ID between 1006 and 4094.
Support fewer VLAN features than normal range VLANs.
Are saved in the running configuration file.
VTP does not learn extended range VLANs.

255 VLANs Configurable


One Cisco Catalyst 2960 switch can support up to 255 normal range and extended range
VLANs, although the number configured affects the performance of the switch hardware.
Because an enterprise network may need a switch with a lot of ports, Cisco has developed
enterprise-level switches that can be joined or stacked together to create a single switching
unit consisting of nine separate switches. Each separate switch can have 48 ports, which
totals 432 ports on a single switching unit. In this case, the 255 VLAN limit per single switch
could be a constraint for some enterprise customers.

Types of VLAN
Today there is essentially one way of implementing VLANs - port-based VLANs. A port-based
VLAN is associated with a port called an access VLAN.
However in the network there are a number of terms for VLANs. Some terms define the type
of network traffic they carry and others define a specific function a VLAN performs. The
following describes common VLAN terminology:
Data VLAN
A data VLAN is a VLAN that is configured to carry only user-generated traffic. A VLAN could
carry voice-based traffic or traffic used to manage the switch, but this traffic would not be
part of a data VLAN. It is common practice to separate voice and management traffic from
data traffic. The importance of separating user data from switch management control data
and voice traffic is highlighted by the use of a special term used to identify VLANs that only
carry user data - a "data VLAN". A data VLAN is sometimes referred to as a user VLAN.

Default VLAN
All switch ports become a member of the default VLAN after the initial boot up of the
switch. Having all the switch ports participate in the default VLAN makes them all part of the
same broadcast domain. This allows any device connected to any switch port to
communicate with other devices on other switch ports. The default VLAN for Cisco switches
is VLAN 1. VLAN 1 has all the features of any VLAN, except that you cannot rename it and
you can not delete it. Layer 2 control traffic, such as CDP and spanning tree protocol traffic,
will always be associated with VLAN 1 - this cannot be changed. In the figure, VLAN 1 traffic
is forwarded over the VLAN trunks connecting the S1, S2, and S3 switches. It is a security
best practice to change the default VLAN to a VLAN other than VLAN 1; this entails
configuring all the ports on the switch to be associated with a default VLAN other than VLAN
1. VLAN trunks support the transmission of traffic from more than one VLAN. Although VLAN
trunks are mentioned throughout this section, they are explained in the next section on
VLAN trunking.
Note: Some network administrators use the term "default VLAN" to mean a VLAN other than
VLAN 1 defined by the network administrator as the VLAN that all ports are assigned to
when they are not in use. In this case, the only role that VLAN 1 plays is that of handling
Layer 2 control traffic for the network.
Native VLAN
A native VLAN is assigned to an 802.1Q trunk port. An 802.1Q trunk port supports traffic
coming from many VLANs (tagged traffic) as well as traffic that does not come from a VLAN
(untagged traffic). The 802.1Q trunk port places untagged traffic on the native VLAN. In the
figure, the native VLAN is VLAN 99. Untagged traffic is generated by a computer attached to
a switch port that is configured with the native VLAN. Native VLANs are set out in the IEEE
802.1Q specification to maintain backward compatibility with untagged traffic common to
legacy LAN scenarios. For our purposes, a native VLAN serves as a common identifier on
opposing ends of a trunk link. It is a best practice to use a VLAN other than VLAN 1 as the
native VLAN.
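To make the tagging rules concrete, the Python below is an added worked example (not code from the report or from Cisco). It builds Ethernet frames with and without an 802.1Q tag, then classifies received frames the way a trunk port does: tagged frames go to the VLAN named in the tag, while untagged frames, and priority-tagged frames (VID 0, which 802.1Q defines as "no VLAN"), are placed on the native VLAN. It also sorts a VLAN ID into the normal and extended ranges listed in the VLAN ID Ranges section. The MAC addresses and payload are constructed test data.

```python
"""802.1Q tagging and native-VLAN handling (added worked example; constructed frames only)."""
import struct
from typing import Optional

ETHERTYPE_8021Q = 0x8100   # TPID that announces a VLAN tag
ETHERTYPE_IPV4 = 0x0800
VID_PRIORITY_ONLY = 0      # 802.1Q: VID 0 means "priority tag, no VLAN"
VID_RESERVED = 4095


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes,
                vlan_id: Optional[int] = None, pcp: int = 0) -> bytes:
    """Build an Ethernet II frame, inserting a 4-byte 802.1Q tag when vlan_id is given."""
    if len(dst) != 6 or len(src) != 6:
        raise ValueError("MAC addresses must be 6 bytes")
    frame = dst + src
    if vlan_id is not None:
        if not 0 <= vlan_id <= 4095 or not 0 <= pcp <= 7:
            raise ValueError("VID must be 0..4095 and PCP 0..7")
        tci = (pcp << 13) | vlan_id            # TCI = PCP(3) DEI(1) VID(12); DEI left at 0
        frame += struct.pack("!HH", ETHERTYPE_8021Q, tci)
    return frame + struct.pack("!H", ethertype) + payload


def classify_frame(frame: bytes, native_vlan: int) -> dict:
    """Assign a frame received on an 802.1Q trunk to a VLAN.

    Tagged frames belong to the VID in the tag. Untagged frames, and
    priority-tagged frames (VID 0), are placed on the trunk's native VLAN,
    which is the behaviour described for the native VLAN above.
    """
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_8021Q:
        return {"tagged": False, "vlan": native_vlan, "pcp": 0,
                "ethertype": ethertype, "reason": "untagged -> native VLAN"}
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner_type = struct.unpack("!HH", frame[14:18])
    vid, pcp = tci & 0x0FFF, tci >> 13
    if vid == VID_RESERVED:
        raise ValueError("VID 4095 is reserved and must be dropped")
    if vid == VID_PRIORITY_ONLY:
        return {"tagged": True, "vlan": native_vlan, "pcp": pcp,
                "ethertype": inner_type, "reason": "priority-tagged -> native VLAN"}
    return {"tagged": True, "vlan": vid, "pcp": pcp,
            "ethertype": inner_type, "reason": "tagged"}


def vlan_id_range(vid: int) -> str:
    """Classify a VID by the Catalyst ranges given in the VLAN ID Ranges section."""
    if vid in (VID_PRIORITY_ONLY, VID_RESERVED):
        return "reserved by 802.1Q"
    if 1002 <= vid <= 1005:
        return "normal range (reserved for Token Ring/FDDI)"
    if 1 <= vid <= 1001:
        return "normal range"
    if 1006 <= vid <= 4094:
        return "extended range"
    raise ValueError("VLAN IDs are 0..4095")


if __name__ == "__main__":
    # Constructed test data: broadcast destination, made-up source MAC, dummy IPv4 payload
    dst, src, payload = b"\xff" * 6, b"\x02\x00\x00\x00\x00\x01", b"\x45" + b"\x00" * 19
    for vid in (99, None, 0):
        f = build_frame(dst, src, ETHERTYPE_IPV4, payload, vlan_id=vid)
        print(vid, classify_frame(f, native_vlan=1))
```

Running the demo with native VLAN 1 shows the three cases side by side: the frame tagged 99 lands on VLAN 99, the untagged frame and the VID 0 frame both land on VLAN 1. This is also why the trunk's native VLAN must be the same on both ends of a link: a frame that leaves one switch untagged is assigned to whatever the receiving switch calls its native VLAN.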
Management VLAN
A management VLAN is any VLAN you configure to access the management capabilities of
a switch. VLAN 1 serves as the management VLAN if you do not proactively define a
unique VLAN for that purpose. You assign the management VLAN an IP
address and subnet mask. A switch can be managed via HTTP, Telnet, SSH, or SNMP; of
these, Telnet, HTTP and SNMP versions 1 and 2c carry credentials in cleartext, so SSH,
HTTPS and SNMPv3 are the ones to allow in practice. Since the out-of-the-box configuration
of a Cisco switch has VLAN 1 as the default VLAN, you can see that VLAN 1 would be a bad
choice as the management VLAN; you would not want an arbitrary user connecting to a
switch port to land on the management VLAN by default.

Access Control List


An access control list (ACL), with respect to a computer file system, is a list
of permissions attached to an object. An ACL specifies which users or system processes are
granted access to objects, as well as what operations are allowed on given objects.[1] Each
entry in a typical ACL specifies a subject and an operation. For instance, if a file object has
an ACL that contains (Alice: read,write; Bob: read), this would give Alice permission to read
and write the file and Bob to only read it.
Implementations
Many kinds of systems implement ACL, or have a historical implementation.
Filesystem ACLs
In the 1990s the ACL and RBAC models were extensively tested and used to administrate
file permissions. A filesystem ACL is a data structure (usually a table) containing entries that
specify individual user or group rights to specific system objects such as programs,
processes, or files. These entries are known as access control entries (ACEs) in
the Microsoft Windows NT,[2] OpenVMS, Unix-like, and Mac OS X operating systems. Each
accessible object contains an identifier to its ACL. The privileges or permissions determine
specific access rights, such as whether a user can read from, write to, or execute an object.
In some implementations, an ACE can control whether or not a user, or group of users, may
alter the ACL on an object.
Most of the Unix and Unix-like operating systems (e.g. Linux,[3] BSD, or Solaris) support
POSIX.1e ACLs, based on an early POSIX draft that was abandoned. Many of them, for
example AIX, FreeBSD,[4] Mac OS X beginning with version 10.4 ("Tiger"),
or Solaris with the ZFS filesystem,[5] support NFSv4 ACLs, which are part of the NFSv4
standard. There are two experimental implementations of NFSv4 ACLs for Linux: NFSv4
ACL support for the Ext3 filesystem[6] and the more recent Richacls,[7] which brings NFSv4
ACL support to the Ext4 filesystem.
Networking ACLs
On some types of proprietary computer hardware (in particular routers and switches), an
Access Control List refers to rules that are applied to port numbers or IP addresses that are
available on a host or other layer 3 device, each with a list of hosts and/or networks permitted
to use the service. Although it is additionally possible to configure Access Control Lists based
on network domain names, this is generally a questionable idea because individual TCP,
UDP, and ICMP headers do not contain domain names. Consequently, the device enforcing
the Access Control List must separately resolve names to numeric addresses. This presents
an additional attack surface for an attacker who is seeking to compromise the security of the
system which the Access Control List is protecting. Both individual servers as well
as routers can have network ACLs. Access control lists can generally be configured to
control both inbound and outbound traffic, and in this context they are similar to firewalls.
On Cisco IOS, entries are evaluated top-down, the first match decides, and an unmatched
packet is dropped by the implicit deny at the end of every list.
Like firewalls, ACLs are subject to security regulations and standards such as PCI DSS.
SQL implementations
ACL algorithms have been ported to SQL and relational database systems. Many "modern"
(2000s and 2010s) SQL based systems, like Enterprise resource planning and Content
management systems, have used the ACL model in their administration modules.

AIM: Construct a small corporate network connected through a WAN. In each corporate
office there should be a separate network for employee users and guest users. Each office
should have its own server providing FTP, web and DNS services, but guest users
should not be able to use the Web facility.
Solution:

First we configure LAN 1; the other two LANs (or as many networks as we want) are
configured on the same lines.
In LAN 1, steps for configuring Switch 0:
Here we create a VLAN (VLAN 2) for the port facing the wireless router (Linksys WRT300N,
on fa0/2), which in turn serves the guest users. Note that the employee network stays on
VLAN 1, the default VLAN; the VLAN section above recommends a VLAN other than VLAN 1
for user and management traffic, so this is a lab simplification.
We also configure port fa0/3 of the switch as a trunk so that the two switches can exchange
traffic for all VLANs.
Switch#configure terminal
! Fa0/3 carries all VLANs to the second access switch
Switch(config)#interface fa0/3
Switch(config-if)#switchport mode trunk
Switch(config-if)#exit
! Create the guest VLAN, then make Fa0/2 (towards the wireless router) an access port in it
Switch(config)#vlan 2
Switch(config-vlan)#exit
Switch(config)#interface fa0/2
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 2
Switch(config-if)#exit
Switch(config)#exit
We also need to configure port fa0/1, which connects to the router, as a trunk, so that once
the router is configured for inter-VLAN routing the VLANs can communicate with each other
as well as with the outside of the (private) network.
Switch>enable
Switch#configure terminal
! Fa0/1: trunk towards Router 0 (carries VLAN 1 untagged as native, VLAN 2 tagged)
Switch(config)#interface fa0/1
Switch(config-if)#switchport mode trunk

Steps for configuring Router 0

Here we configure subinterfaces on the router's FastEthernet port (one per VLAN, the
"router-on-a-stick" arrangement) so that each VLAN gets its own default gateway and the
router can route between the VLANs.
Router>enable
Router#configure terminal
! Subinterface for VLAN 1 (employee LAN). VLAN 1 is the default native VLAN on the switch
! trunk, so its frames arrive untagged; 'encapsulation dot1q 1 native' states this explicitly.
Router(config)#interface fa0/0.1
Router(config-subif)#encapsulation dot1q 1
Router(config-subif)#ip address 10.0.0.1 255.0.0.0
Router(config-subif)#exit
! Subinterface for VLAN 2 (guest network behind the wireless router)
Router(config)#interface fa0/0.2
Router(config-subif)#encapsulation dot1q 2
Router(config-subif)#ip address 20.0.0.1 255.0.0.0
Router(config-subif)#exit
! The subinterfaces only come up once the physical interface is enabled
Router(config)#interface fa0/0
Router(config-if)#no shutdown
Router(config-if)#exit
Steps for configuring Wireless Router 0
Here we configure the wireless router to communicate with Router 0 via Switch 0, so that it
can pass data on to the wirelessly connected guest users.
The Internet port, connected to port fa0/2 of Switch 0 (VLAN 2), is configured with
IP address: 20.0.0.12
Subnet mask: 255.0.0.0
Gateway: 20.0.0.1
The LAN side is automatically allocated a class C private range; we need not modify that.
The wireless router performs NAT between this private range and its Internet port, so every
guest laptop appears to Router 0 with the source address 20.0.0.12.
The guest laptops need a wireless (WLAN) card so that they can receive the signals of the
wireless router. With DHCP enabled, these laptops are automatically configured with a class
C private IP (if we want, we can also configure them with static IPs).
Steps for configuring the Server 0
In the Global Settings section assign
Gateway: 40.0.0.2
DNS Server: 40.0.0.1
Switch on the HTTP/HTTPS service of the server.
In the DNS section add the name of the website and its address:
Name: www.abc.com    Address: 40.0.0.1
(We can add as many websites as we require.)
In the FTP section, set the username and password for the host machines:
Username: cisco
Password: cisco
Also assign their access permissions:
Permission: RWDNL (read, write, delete, rename, list)
The cisco/cisco credentials are for the lab only; FTP sends them in cleartext, so they must be
replaced in any real deployment.
Finally, go to the FastEthernet0 section and assign the interface that connects the server to
the local router an IP address, with which it communicates with the rest of the network:
IP address: 40.0.0.1    Subnet mask: 255.0.0.0

Steps for re-configuring Router 0 (for communicating with Server 0 and the Frame Relay cloud)
! Fa0/1 connects to Server 0. The server itself uses 40.0.0.1 (see its DNS entry above) and
! 40.0.0.2 as its gateway, so the router interface takes 40.0.0.2 rather than 40.0.0.1 as
! originally typed; two devices with the same address on one link would conflict.
Router#configure terminal
Router(config)#interface fa0/1
Router(config-if)#ip address 40.0.0.2 255.0.0.0
Router(config-if)#no shutdown
Router(config-if)#exit
! S0/1/0 connects to the Frame Relay cloud
Router(config)#interface s0/1/0
Router(config-if)#encapsulation frame-relay
Router(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/0, changed state to up
Router(config-if)#exit
! NAT overload (PAT): every inside source leaving s0/1/0 is translated to that interface's
! address. 'permit any' is looser than needed; permitting only 10.0.0.0 0.255.255.255 and
! 20.0.0.0 0.255.255.255 would be tighter.
Router(config)#access-list 10 permit any
Router(config)#ip nat inside source list 10 interface s0/1/0 overload
Router(config)#interface fa0/0.1
Router(config-subif)#ip nat inside
Router(config-subif)#interface fa0/0.2
Router(config-subif)#ip nat inside
Router(config-subif)#interface s0/1/0
Router(config-if)#ip nat outside
Router(config-if)#end
! Address the WAN interface and run OSPF so the offices learn each other's networks.
! On a multipoint Frame Relay interface OSPF defaults to the non-broadcast network type;
! if adjacencies do not form, add neighbor statements or 'ip ospf network broadcast'.
Router#configure terminal
Router(config)#interface Serial0/1/0
Router(config-if)#ip address 50.0.0.1 255.0.0.0
Router(config-if)#exit
Router(config)#router ospf 100
Router(config-router)#network 10.0.0.0 0.255.255.255 area 0
Router(config-router)#network 20.0.0.0 0.255.255.255 area 0
Router(config-router)#network 40.0.0.0 0.255.255.255 area 0
Router(config-router)#network 50.0.0.0 0.255.255.255 area 0
Router(config-router)#exit
Router(config)#exit
Now when we check the PCs of the inner LAN, they are able to ping the other routers
connected to the cloud, confirming the WAN connection.
At this point all inner hosts, on both VLANs, can reach all services of the server in the LAN,
i.e. HTTP, FTP and DNS.
Since the guest network (the wirelessly connected clients on VLAN 2) should not be able to
use the FTP service of the server, we apply an extended ACL (number 101; this is not a
dynamic, lock-and-key ACL) inbound on the VLAN 2 subinterface. The guest laptops sit
behind the wireless router's NAT, so their traffic reaches Router 0 with source address
20.0.0.12, which the 20.0.0.0 0.255.255.255 entry matches. The aim above asks for the Web
service to be blocked; the entry below, as configured, matches the FTP control connection on
TCP port 21. The same entry with eq www in place of eq ftp blocks HTTP on TCP port 80
instead.
Router(config)#access-list 101 deny tcp 20.0.0.0 0.255.255.255 40.0.0.0 0.255.255.255 eq ftp
Router(config)#access-list 101 permit ip any any
Router(config)#interface fa0/0.2
Router(config-subif)#ip access-group 101 in
Router(config-subif)#exit
After executing these commands, we achieve the target stated above. Because every ACL
ends with an implicit deny, the permit ip any any line is what keeps the guests' remaining
traffic (HTTP, DNS, Internet) flowing; without it the guest VLAN would lose all connectivity.
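To check what access-list 101 actually permits and denies before applying it, the Python below is an added worked example (not code from the report or from Cisco IOS). It parses the two access-list 101 lines in IOS syntax, evaluates packets against them top-down with the implicit deny at the end, and applies Cisco wildcard masks (a 0 bit in the mask must match). It covers the networking ACL behaviour described in the Access Control List section as well as this lab's list. The Packet values are constructed test inputs and the port-name table holds only a few common IOS keywords.

```python
"""Cisco-style extended ACL evaluation: first match wins, implicit deny at the end.

Added worked example that mirrors access-list 101 from the lab; not code from
the report or from Cisco IOS. Packets below are constructed test inputs.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Subset of the IOS port-name keywords; anything else is taken as a number
PORT_NAMES = {"ftp": 21, "ssh": 22, "telnet": 23, "domain": 53, "www": 80, "https": 443}

# The two lines from the lab above, exactly as typed on Router 0
ACL_101 = [
    "access-list 101 deny tcp 20.0.0.0 0.255.255.255 40.0.0.0 0.255.255.255 eq ftp",
    "access-list 101 permit ip any any",
]


@dataclass(frozen=True)
class Packet:
    proto: str                   # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: Optional[int] = None  # destination port for tcp/udp


@dataclass(frozen=True)
class Ace:
    action: str                  # "permit" or "deny"
    proto: str                   # "ip" matches every protocol
    src: str
    src_wildcard: str            # Cisco wildcard mask: a 0 bit must match
    dst: str
    dst_wildcard: str
    dport: Optional[int] = None  # set by 'eq <port>'


def wildcard_match(addr: str, network: str, wildcard: str) -> bool:
    """Cisco wildcard semantics: bits that are 0 in the mask must be equal."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(network))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (n & care)


def _parse_addr(tokens: List[str], i: int) -> Tuple[str, str, int]:
    """Read an address spec ('any', 'host A.B.C.D' or 'A.B.C.D W.W.W.W') at tokens[i]."""
    if tokens[i] == "any":
        return "0.0.0.0", "255.255.255.255", i + 1
    if tokens[i] == "host":
        return tokens[i + 1], "0.0.0.0", i + 2
    return tokens[i], tokens[i + 1], i + 2


def parse_ace(line: str) -> Ace:
    """Parse one numbered extended ACL line in IOS syntax (only 'eq' is supported)."""
    t = line.split()
    if len(t) < 6 or t[0] != "access-list" or t[2] not in ("permit", "deny"):
        raise ValueError(f"unsupported ACL line: {line}")
    src, src_wc, i = _parse_addr(t, 4)
    dst, dst_wc, i = _parse_addr(t, i)
    dport = None
    if i < len(t) and t[i] == "eq":
        port = t[i + 1]
        dport = PORT_NAMES[port] if port in PORT_NAMES else int(port)
    return Ace(t[2], t[3], src, src_wc, dst, dst_wc, dport)


def ace_matches(ace: Ace, pkt: Packet) -> bool:
    """True when protocol, source, destination and (if given) port all match."""
    if ace.proto != "ip" and ace.proto != pkt.proto:
        return False
    if not wildcard_match(pkt.src, ace.src, ace.src_wildcard):
        return False
    if not wildcard_match(pkt.dst, ace.dst, ace.dst_wildcard):
        return False
    return ace.dport is None or pkt.dport == ace.dport


def evaluate(acl: List[Ace], pkt: Packet) -> str:
    """Walk the ACL top-down; the first matching entry decides, else implicit deny."""
    for ace in acl:
        if ace_matches(ace, pkt):
            return ace.action
    return "deny"


if __name__ == "__main__":
    acl = [parse_ace(line) for line in ACL_101]
    # Guest traffic arrives from the wireless router's Internet-side address 20.0.0.12
    for pkt in (Packet("tcp", "20.0.0.12", "40.0.0.1", 21),
                Packet("tcp", "20.0.0.12", "40.0.0.1", 80),
                Packet("tcp", "10.0.0.5", "40.0.0.1", 21)):
        print(pkt, "->", evaluate(acl, pkt))
```

Feeding the same two lines with eq www in place of eq ftp gives the block the aim asks for (TCP 80 denied, TCP 21 permitted). Blocking only port 21 is sufficient against FTP because the data channel, even in passive mode on a high port, is negotiated over the control connection that the entry drops; and an empty list denies everything, which is the implicit deny a forgotten permit line runs into.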

# End of configuration for LAN 1

By following the above commands we form a single LAN, with its own private server, that is
able to communicate with the other LANs over the WAN (Frame Relay).
We need to follow similar steps on the routers and switches of the other LANs, in order to
configure them to communicate among themselves as well as with the other LANs via the
cloud.
We can use the same private IP ranges inside each LAN (LAN 1 and LAN 2) or any other
public range (LAN 3) as per our convenience and requirement, but we have to take care of
the same while entering the commands on the devices in that network.
NOTE: Take extreme care while applying NAT and ACLs on the routers: the order of ACL
entries, the interface and direction (in or out) they are applied to, and the inside/outside
marking of the NAT interfaces all change the result.

Steps for configuring Cloud0

First go to the Serial 0 section and enter the DLCI number as well as the name (here 102
and 103, used both as name and number). Similarly for Serial 1 (201 and 203) and for
Serial 2 (301 and 302). Also switch on all the ports.
Then go to the Frame Relay section and map the DLCIs to each other, so that the routers
connected to these serial ports can communicate with each other:
102 <-> 201
103 <-> 301
203 <-> 302
Now our corporate WAN network is ready.